CVE-2011-0199Improper Certificate Validation in Apple MAC OS X

CWE-295Improper Certificate ValidationCWE-20Improper Input Validation3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 61.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedJun 24
Latest updateMay 17

Description

The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDapple/mac_os_x_server10.6.010.6.8
NVDapple/mac_os_x10.6.010.6.8

Patches

Patch: lists.apple.comPatch: support.apple.comPatch: lists.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-c9fj-rcg9-g5cf: The Certificate Trust Policy component in Apple Mac OS X before 102022-05-17
CVEList
CVE-2011-0199: The Certificate Trust Policy component in Apple Mac OS X before 102011-06-24
CVE-2011-0199 — Improper Certificate Validation | cvebase